Security Operations Center (SOC) Lead

• Partner with the Director of Information Security to define and execute a SOC modernization roadmap, balancing quick wins with scalable, long-term improvements
• Standardize end-to-end SOC workflows, including intake, triage, investigation, escalation, and closure
• Improve case management quality through structured templates, consistent documentation, and audit-ready evidence capture
• Establish operational rhythms such as queue health checks, weekly operations reviews, monthly metrics reporting, and tabletop exercises

AI-Driven SOC & Workflow Automation

• Implement AI-assisted capabilities to enhance analyst efficiency, including:
• Alert clustering, deduplication, and prioritization
• Automated enrichment (asset/user context, baselines, threat intelligence, cloud context)
• Investigation copilots (timeline creation, query suggestions, correlation summaries)
• Automated drafting of case notes and executive-ready incident summaries with traceable evidence
• Define and enforce AI governance guardrails (human approval workflows, scoped permissions, audit trails, and data handling standards)
• Evaluate vendors and internal solutions, run pilots, measure outcomes, and lead production rollouts
• Lead integrations across SIEM, EDR, SOAR, cloud telemetry, ticketing systems, and collaboration/on-call tools
• Partner with Platform Engineering to enhance telemetry pipelines (parsing, normalization, enrichment, and retention)
• Establish operational acceptance criteria for tooling changes, including signal quality, latency, reliability, and access control standards
• Define and track SOC KPIs such as time-to-triage, case aging, escalation quality, and automation coverage
• Drive continuous improvement through regular reviews, quality sampling, and post-incident analysis
• Identify recurring issues and implement targeted improvements through playbooks, automation, training, and data enhancements
• Train and mentor analysts on standardized workflows and effective use of AI-enabled tools
• Strengthen cross-functional collaboration between SOC, Engineering, IT, and Platform teams
• Provide clear, concise operational updates to leadership and key stakeholders

Required Qualifications

• 5+ years of experience in Security Operations, SOC Engineering, or Incident Response
• Strong understanding of SOC workflows, incident lifecycle management, and escalation models
• Hands-on experience with SIEM/EDR platforms and integrating security tools via APIs or webhooks
• Proven ability to drive operational improvements across processes, metrics, and tooling adoption
• Excellent written communication and stakeholder management skills

Preferred Qualifications

• Experience implementing AI-assisted SOC tools (e.g., copilots or agent-based systems) with governance controls
• Background in SOAR and automation with approval-based workflows and safe execution practices
• Familiarity with query languages such as WQL (Wazuh), SPL (Splunk), or KQL (Microsoft Sentinel), plus scripting (Python/Bash)
• Experience with cloud and identity platforms (AWS, Azure, GCP, IAM, SSO, MFA)

What Success Looks Like

• SOC workflows are standardized, consistent, and measurable across teams and shifts
• Reduced alert noise and faster, more context-rich investigations
• AI-assisted tooling improves analyst productivity and documentation quality while maintaining strong governance
• Improved integrations and telemetry reduce operational friction and case resolution times
• Leadership has clear visibility into SOC performance through measurable, ongoing improvements